package eu.emi.security.authn.x509.helpers.crl;

import eu.emi.security.authn.x509.StoreUpdateListener;
import eu.emi.security.authn.x509.helpers.pkipath.PlainStoreUtils;
import eu.emi.security.authn.x509.impl.CRLParameters;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/crl/PlainCRLStoreSpi.class */
public class PlainCRLStoreSpi extends AbstractCRLCertStoreSpi {
    private CRLParameters params;
    private final CertificateFactory factory;
    private final PlainStoreUtils utils;
    private Timer timer;
    private long updateInterval;
    private Object intervalLock;
    private Map<X500Principal, Set<URL>> ca2location;
    private Map<URL, X509CRL> loadedCRLs;

    public PlainCRLStoreSpi(CRLParameters cRLParameters, Timer timer, Collection<? extends StoreUpdateListener> collection) throws InvalidAlgorithmParameterException {
        super(cRLParameters, collection);
        this.intervalLock = new Object();
        this.params = cRLParameters.clone();
        this.loadedCRLs = new HashMap();
        this.ca2location = new HashMap();
        this.utils = new PlainStoreUtils(this.params.getDiskCachePath(), "-crl", this.params.getCrls());
        try {
            this.factory = CertificateFactory.getInstance("X.509");
            this.updateInterval = this.params.getCrlUpdateInterval();
            this.timer = timer;
            update();
            scheduleUpdate();
        } catch (CertificateException e) {
            throw new RuntimeException("Can't find certificate fctory for alg. X.509, JDK is misconfigured?", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public X509CRL loadCRL(URL url) throws IOException, CRLException, URISyntaxException {
        boolean z = false;
        if (url.getProtocol().equalsIgnoreCase("file")) {
            z = true;
        }
        try {
            URLConnection openConnection = url.openConnection();
            if (!z) {
                openConnection.setConnectTimeout(this.params.getRemoteConnectionTimeout());
                openConnection.setReadTimeout(this.params.getRemoteConnectionTimeout());
            }
            BufferedInputStream bufferedInputStream = new BufferedInputStream(openConnection.getInputStream());
            X509CRL x509crl = (X509CRL) this.factory.generateCRL(bufferedInputStream);
            bufferedInputStream.close();
            notifyObservers(url.toExternalForm(), StoreUpdateListener.Severity.NOTIFICATION, null);
            if (!z) {
                this.utils.saveCacheFile(x509crl.getEncoded(), url);
            }
            return x509crl;
        } catch (IOException e) {
            if (z || this.params.getDiskCachePath() == null) {
                throw e;
            }
            File cacheFile = this.utils.getCacheFile(url);
            if (!cacheFile.exists()) {
                throw e;
            }
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(new FileInputStream(cacheFile));
            X509CRL x509crl2 = (X509CRL) this.factory.generateCRL(bufferedInputStream2);
            bufferedInputStream2.close();
            notifyObservers(url.toExternalForm(), StoreUpdateListener.Severity.WARNING, new IOException("Warning: CRL was not loaded from its URL, but its previously cached copy was loaded from disk file " + cacheFile.getPath(), e));
            return x509crl2;
        }
    }

    public List<String> getLocations() {
        return this.utils.getLocations();
    }

    public void setUpdateInterval(long j) {
        synchronized (this.intervalLock) {
            long j2 = this.updateInterval;
            this.updateInterval = j;
            if (j2 <= 0) {
                scheduleUpdate();
            }
        }
    }

    public long getUpdateInterval() {
        long j;
        synchronized (this.intervalLock) {
            j = this.updateInterval;
        }
        return j;
    }

    private synchronized void removeStaleIssuerMapping() {
        Iterator<Map.Entry<X500Principal, Set<URL>>> it = this.ca2location.entrySet().iterator();
        while (it.hasNext()) {
            Iterator<URL> it2 = it.next().getValue().iterator();
            while (it2.hasNext()) {
                URL next = it2.next();
                if (!this.utils.isPresent(next)) {
                    it2.remove();
                    this.loadedCRLs.remove(next);
                }
            }
        }
    }

    protected void reloadCRLs(Collection<URL> collection) {
        for (URL url : collection) {
            try {
                addCRL(loadCRL(url), url);
            } catch (Exception e) {
                notifyObservers(url.toExternalForm(), StoreUpdateListener.Severity.ERROR, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void addCRL(X509CRL x509crl, URL url) {
        Set<URL> set = this.ca2location.get(x509crl.getIssuerX500Principal());
        if (set == null) {
            set = new HashSet();
            this.ca2location.put(x509crl.getIssuerX500Principal(), set);
        }
        set.add(url);
        this.loadedCRLs.put(url, x509crl);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void update() {
        this.utils.establishWildcardsLocations();
        removeStaleIssuerMapping();
        reloadCRLs(this.utils.getURLLocations());
        reloadCRLs(this.utils.getResolvedWildcards());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void scheduleUpdate() {
        if (getUpdateInterval() > 0) {
            this.timer.schedule(new TimerTask() { // from class: eu.emi.security.authn.x509.helpers.crl.PlainCRLStoreSpi.1
                @Override // java.util.TimerTask, java.lang.Runnable
                public void run() {
                    if (PlainCRLStoreSpi.this.getUpdateInterval() > 0) {
                        PlainCRLStoreSpi.this.update();
                    }
                    PlainCRLStoreSpi.this.scheduleUpdate();
                }
            }, getUpdateInterval());
        }
    }

    protected synchronized Collection<X509CRL> getCRLForIssuer(X500Principal x500Principal) {
        Set<URL> set = this.ca2location.get(x500Principal);
        if (set == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(set.size());
        Iterator<URL> it = set.iterator();
        while (it.hasNext()) {
            arrayList.add(this.loadedCRLs.get(it.next()));
        }
        return arrayList;
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends Certificate> engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        return Collections.emptySet();
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends CRL> engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        if (!(cRLSelector instanceof X509CRLSelector)) {
            throw new IllegalArgumentException(getClass().getName() + " class supports only X509CRLSelector, got: " + cRLSelector.getClass().getName());
        }
        X509CRLSelector x509CRLSelector = (X509CRLSelector) cRLSelector;
        Collection<X500Principal> issuers = x509CRLSelector.getIssuers();
        ArrayList arrayList = new ArrayList();
        if (issuers == null) {
            return arrayList;
        }
        Iterator<X500Principal> it = issuers.iterator();
        while (it.hasNext()) {
            for (X509CRL x509crl : getCRLForIssuer(it.next())) {
                if (x509CRLSelector.match(x509crl)) {
                    arrayList.add(x509crl);
                }
            }
        }
        return arrayList;
    }

    @Override // eu.emi.security.authn.x509.helpers.crl.AbstractCRLCertStoreSpi
    public void dispose() {
        removeAllObservers();
        setUpdateInterval(-1L);
    }
}
